CVE-2022-1607

Name of the Vulnerable Software and Affected Versions ABB Pulsar Plus System Controller NE843 S version comcode 150042936 ABB Infinity DC Power Plant versions H5692448 G104, H5692448 G842, H5692448 G224L, H5692448 G630-4, H5692448 G451C(2), H5692448 G461(2) – comcode 150047415

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which affects the ABB Pulsar Plus System Controller NE843 S and the ABB Infinity DC Power Plant. This vulnerability is associated with insufficient input validation, allowing a remote attacker to implement a CSRF attack.

Recommendations For ABB Pulsar Plus System Controller NE843 S version comcode 150042936, consider disabling the vulnerable component until a patch is available. For ABB Infinity DC Power Plant versions H5692448 G104, H5692448 G842, H5692448 G224L, H5692448 G630-4, H5692448 G451C(2), H5692448 G461(2) – comcode 150047415, restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.